ietf-smime
[Top] [All Lists]

RE: Receipt Request Attribute

1999-05-12 10:21:59
All,

I had forgotten about the text in section 1.3.4 -- I agree that would
disallow the placment in a receipt request in a counter signature.

I also agree that I don't have a reason for doing receipt requests in
counter signatures, but I have also learned never to underestimate the
things needed by somebody in the market that I have never heard of and will
hopefully never hear from.   Given that the question was being asked I made
the assumption that Tom had some type of requirement that might require this
type of behavior.

jim


-----Original Message-----
From: jsp(_at_)jgvandyke(_dot_)com [mailto:jsp(_at_)jgvandyke(_dot_)com]
Sent: Wednesday, May 12, 1999 8:56 AM
To: Jim Schaad (Exchange); ietf-smime(_at_)imc(_dot_)org
Cc: jsp(_at_)ajsn101(_dot_)jgvandyke(_dot_)com
Subject: Re: Receipt Request Attribute


All,

I respectfully disagree with Jim's reply to Tom's message.

First, ESS Section 1.3.4, Placement of Attributes, states: "The only
attributes that are allowed in a counterSignature attribute are 
counterSignature, messageDigest, signingTime, and
signingCertificates."  This means that receiptRequest attributes are
not allowed to be carried in a counterSignature attribute.

Second, IMHO, it does not make sense to request a signedReceipt for
a counterSignature.  A signedReceipt is intended to prove that a
recipient received and was able to verify the signature of the
message sent by the signer.  What would a signedReceipt prove 
for a counterSignature since the thing that is signed is not
a message, it is the originator's signature of the original message???

I do not believe that we should change ESS to allow receiptRequests 
to be included in counterSignature attributes.

- John Pawling




Tom,

My opinion on this would be:

1.  A CounterSignature can contain a receipt request.
2.  The receipt request on the original SignedData and the receipt receipt
on the CounterSignature can be different.  The requirement is that all
receipt requests in a SignerInfo sequence be the same and a CounterSigner
has a different SignerInfo sequence

jim


-----Original Message-----
From: Tom Kung [mailto:Tom(_dot_)Kung(_at_)entrust(_dot_)com]
Sent: Monday, May 10, 1999 11:48 AM
To: 'ietf-smime(_at_)imc(_dot_)org'
Subject: Receipt Request Attribute


Gooday,

I would appreciate clarification on the following with respect to the
Receipt Request attribute:

1.    May a CounterSignature contain a receipt request?

2.    If so, MUST all receipt requests in a SignedData be identical?  The
spec specifies that all Receipt Requests be identical.  Is it the intent
that CounterSignatures containing a receipt request MUST also be identical
with other receipt requests if it exists?  I don't see why each
countersignature can not have a different receipt request.


thanx,tom.


<Prev in Thread] Current Thread [Next in Thread>